Total: 29557 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-2175 | 1 Apple | 1 Safari | 2025-04-09 | 7.6 HIGH | N/A |
Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007. | |||||
CVE-2006-6515 | 1 Mantis | 1 Mantis | 2025-04-09 | 10.0 HIGH | N/A |
Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders. | |||||
CVE-2007-3953 | 1 Norman | 1 Norman Virus Control | 2025-04-09 | 4.3 MEDIUM | N/A |
The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to cause a denial of service via a crafted DOC file that triggers a divide-by-zero error. | |||||
CVE-2007-1496 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference. | |||||
CVE-2007-0384 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-09 | 5.1 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2006-6271 | 1 Phpoll | 1 Phpoll | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) index.php, (2) info.php; and (3) index.php, (4) votanti.php, (5) risultati_config.php, (6) modifica_band.php, (7) band_editor.php, and (8) config_editor.php in admin/. | |||||
CVE-2007-0907 | 2 Php, Trustix | 2 Php, Secure Linux | 2025-04-09 | 5.0 MEDIUM | N/A |
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. | |||||
CVE-2007-0367 | 1 Maxum Development Corporation | 1 Rumpus Ftp Server | 2025-04-09 | 4.6 MEDIUM | N/A |
Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files. | |||||
CVE-2006-5959 | 1 Web Inhabit | 1 A+ Store E-commerce | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in browse.asp in A+ Store E-Commerce allows remote attackers to execute arbitrary SQL commands via the ParentID parameter. | |||||
CVE-2006-6698 | 1 Gnome | 1 Gconf | 2025-04-09 | 1.9 LOW | N/A |
The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome. | |||||
CVE-2007-1965 | 1 Exv2 | 1 Content Management System | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php. | |||||
CVE-2007-1075 | 1 Turbosoft | 1 Turboftp | 2025-04-09 | 7.8 HIGH | N/A |
TurboFTP 5.30 Build 572 allows remote servers to cause a denial of service (CPU consumption) via a response with a large number of newline characters. | |||||
CVE-2006-5204 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-09 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin. | |||||
CVE-2007-3452 | 1 Edocstore | 1 Edocstore | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action. | |||||
CVE-2007-4504 | 1 Joomla | 1 Rsfiles | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action. | |||||
CVE-2006-6137 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the (1) exec parameter to index.php or (2) print parameter to print.php, which is also accessible via the print command to index.php. | |||||
CVE-2006-7115 | 1 Phpkit | 1 Phpkit | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php. | |||||
CVE-2006-6012 | 1 Mginternet | 1 Car Site Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-2713 | 1 Ifusionservices | 1 Ifdate | 2025-04-09 | 10.0 HIGH | N/A |
ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI. | |||||
CVE-2007-2422 | 1 Comdev | 1 Modules Builder | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL |
Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability because the unmodified scripts set the applicable variable to the empty string; reasonable modified copies would use a fixed pathname string |